Java – instance level access control in Apache Shiro

I found a flexible security framework, Apache Shiro. I successfully realized authentication and authorization with Shiro.

An attractive feature of the framework is instance-based security. I just copied some examples from the Shiro website.

The following permissions are stored in the database:

printer:query:lp7200
printer:print:epsoncolor

The following code checks whether the currently authenticated user has permissions for a given printer instance:

if (SecurityUtils.getSubject().isPermitted("printer:query:lp7200")) {
 // Return the current jobs on printer lp7200
}

My question is: is this the way permissions are stored in the database? Is there a better way to store instance-based permissions?

Please tell me.

Thank you.

Solution

How this information is stored is entirely up to you. Your Realm implementation is responsible for querying any data source you are using and extracting permission data in your favorite format.

Some people store them directly as strings (as shown in the example), while others store them in a private table (for example, if an RDBMS is used) with, for example, permission_type, target and action columns. You can associate a permission entity with a role, or directly with a user or a group assigned to a user, but this makes sense for your application.

Your storage options are entirely up to you. You have implemented data, but you want to ensure that the Realm.isPermitted(...) operation runs as expected.

Rather than directly implementing the Realm.isPermitted(...) method, many people find it more convenient to subclass the abstract AuthorizingRealm class, override the doGetAuthorizationInfo method, and return an AuthorizationInfo instance that supports permission representation.

In this method, you can query the data store, convert the returned data into an AuthorizationInfo instance, and you will be done (don't forget to enable authorization caching - you'll see a big performance advantage).

Overriding the isPermitted method is only necessary if you want very specific control over queries, etc.
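
One way to implement the AuthorizingRealm approach described in the answer, as an added example that is not part of the original answer or of Shiro itself. The class name InstancePermissionRealm, the user_permission table with its username column, and the token pattern are assumptions; the permission_type, action and target columns follow the answer's suggestion.

```java
import java.sql.*;
import java.util.regex.Pattern;
import javax.sql.DataSource;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm. Assumed table: user_permission(username, permission_type, action, target).
// Abstract because doGetAuthenticationInfo (login) is left to the concrete realm.
public abstract class InstancePermissionRealm extends AuthorizingRealm {
    // Assumed query; the username is always bound as a parameter, never concatenated.
    private static final String SQL =
        "SELECT permission_type, action, target FROM user_permission WHERE username = ?";
    // Accept plain tokens only, so a stored '*', ':' or ',' cannot widen a grant.
    private static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9_.-]+");
    private final DataSource dataSource;

    protected InstancePermissionRealm(DataSource dataSource) {
        this.dataSource = dataSource;
        setAuthorizationCachingEnabled(true); // takes effect once a CacheManager is configured
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = String.valueOf(principals.getPrimaryPrincipal());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    String type = rs.getString(1), action = rs.getString(2), target = rs.getString(3);
                    if (isToken(type) && isToken(action) && isToken(target)) {
                        // Same shape as the question's strings, e.g. printer:query:lp7200
                        info.addStringPermission(type + ":" + action + ":" + target);
                    } // malformed rows are skipped, so they grant nothing
                }
            }
        } catch (SQLException e) {
            throw new AuthorizationException("Permission lookup failed for " + username, e);
        }
        return info;
    }

    private static boolean isToken(String s) {
        return s != null && TOKEN.matcher(s).matches();
    }
}
```

The existing `SecurityUtils.getSubject().isPermitted("printer:query:lp7200")` check then works unchanged against rows in the table. If wildcard grants are wanted, store them through a separate, explicitly reviewed path rather than relaxing the token pattern.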
